diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm
index b49857de8..cfdf16366 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf/Tests.pm
@@ -6,7 +6,7 @@ use Lemonldap::NG::Common::Regexp;
use Lemonldap::NG::Handler::Main;
use Lemonldap::NG::Common::Util qw(getSameSite);
-our $VERSION = '2.0.10';
+our $VERSION = '2.0.11';
## @method hashref tests(hashref conf)
# Return a hash ref where keys are the names of the tests and values
diff --git a/lemonldap-ng-portal/MANIFEST b/lemonldap-ng-portal/MANIFEST
index 1980a5072..f66ff7265 100644
--- a/lemonldap-ng-portal/MANIFEST
+++ b/lemonldap-ng-portal/MANIFEST
@@ -679,6 +679,8 @@ t/68-ContextSwitching.t
t/68-FindUser-with-DBI.t
t/68-FindUser-with-Demo-and-token.t
t/68-FindUser-with-Demo.t
+t/68-FindUser-without-attribute.t
+t/68-FindUser-without-Impersonation.t
t/68-Impersonation-with-2F.t
t/68-Impersonation-with-doubleCookies.t
t/68-Impersonation-with-filtered-merge.t
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
index 2ca925e7c..f69ef48ea 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
@@ -479,11 +479,12 @@ sub display {
# Display authentication form
else {
- my $fields = [];
+ my $fields = [];
if ( $self->conf->{findUser}
+ && $self->conf->{impersonationRule}
&& $self->conf->{findUserSearchingAttributes} )
{
- $login = $req->{findUser};
+ $login = $req->{findUser};
$self->logger->debug(
'Building array ref with searching fields...');
@$fields = map { {
@@ -509,7 +510,7 @@ sub display {
DISPLAY_YUBIKEY_FORM => 0,
FIELDS => $fields,
SPOOFID => $req->{findUser},
- FINDUSER => $self->conf->{findUser} && scalar @$fields
+ FINDUSER => scalar @$fields
);
}
@@ -543,7 +544,7 @@ sub display {
MSG => $req->info(),
FIELDS => $fields,
SPOOFID => $req->{findUser},
- FINDUSER => $self->conf->{findUser} && scalar @$fields
+ FINDUSER => scalar @$fields
);
}
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm
index 51605558e..6ef12925a 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm
@@ -9,7 +9,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
PE_BADCREDENTIALS
);
-our $VERSION = '2.0.10';
+our $VERSION = '2.0.11';
extends qw(
Lemonldap::NG::Portal::Main::Plugin
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/DecryptValue.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/DecryptValue.pm
index fcd431a42..230b4a3eb 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/DecryptValue.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/DecryptValue.pm
@@ -8,7 +8,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED
);
-our $VERSION = '2.0.10';
+our $VERSION = '2.0.11';
extends qw(
Lemonldap::NG::Portal::Main::Plugin
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/FindUser.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/FindUser.pm
index fda517c67..7d2f3b011 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/FindUser.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/FindUser.pm
@@ -33,6 +33,8 @@ sub init {
( my $imp = grep /::Plugins::Impersonation$/, $self->p->enabledPlugins )
? $self->addUnauthRoute( finduser => 'provideUser', ['POST'] )
: $self->logger->warn('FindUser plugin enabled without Impersonation');
+ $self->logger->warn('FindUser plugin enabled without searching attribute')
+ unless keys %{ $self->conf->{findUserSearchingAttributes} };
return 1;
}
diff --git a/lemonldap-ng-portal/t/68-FindUser-with-DBI.t b/lemonldap-ng-portal/t/68-FindUser-with-DBI.t
index 9e109ea69..18d1c0876 100644
--- a/lemonldap-ng-portal/t/68-FindUser-with-DBI.t
+++ b/lemonldap-ng-portal/t/68-FindUser-with-DBI.t
@@ -5,9 +5,8 @@ use IO::String;
require 't/test-lib.pm';
-
my $maintests = 41;
-my $userdb = tempdb();
+my $userdb = tempdb();
SKIP: {
eval { require DBI; require DBD::SQLite; };
@@ -64,8 +63,9 @@ SKIP: {
## Simple access
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Portal', );
my ( $host, $url, $query ) =
- expectForm( $res, '#', undef, 'uid', 'password', 'spoofId' );
-
+ expectForm( $res, '#', undef, 'user', 'password', 'spoofId' );
+ ( $host, $url, $query ) =
+ expectForm( $res, '#', undef, 'uid', 'guy', 'cn' );
$request = '';
ok(
$res = $client->_post(
diff --git a/lemonldap-ng-portal/t/68-FindUser-with-Demo-and-token.t b/lemonldap-ng-portal/t/68-FindUser-with-Demo-and-token.t
index e8032abc6..ed501a617 100644
--- a/lemonldap-ng-portal/t/68-FindUser-with-Demo-and-token.t
+++ b/lemonldap-ng-portal/t/68-FindUser-with-Demo-and-token.t
@@ -9,7 +9,7 @@ my $res;
my $json;
my $client = LLNG::Manager::Test->new( {
ini => {
- logLevel => 'debug',
+ logLevel => 'error',
authentication => 'Demo',
userDB => 'Same',
useSafeJail => 1,
@@ -27,9 +27,9 @@ my $client = LLNG::Manager::Test->new( {
## Simple access
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Portal', );
my ( $host, $url, $query ) =
- expectForm( $res, '#', undef, 'uid', 'password', 'spoofId', 'token' );
+ expectForm( $res, '#', undef, 'user', 'password', 'spoofId', 'token' );
( $host, $url, $query ) =
- expectForm( $res, '#', undef, 'user', 'guy', 'cn', 'token' );
+ expectForm( $res, '#', undef, 'uid', 'guy', 'cn', 'token' );
count(1);
$query =~ s/uid=/uid=dwho/;
diff --git a/lemonldap-ng-portal/t/68-FindUser-with-Demo.t b/lemonldap-ng-portal/t/68-FindUser-with-Demo.t
index b5d322e75..79151e8ff 100644
--- a/lemonldap-ng-portal/t/68-FindUser-with-Demo.t
+++ b/lemonldap-ng-portal/t/68-FindUser-with-Demo.t
@@ -30,7 +30,7 @@ my $client = LLNG::Manager::Test->new( {
## Simple access
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Portal', );
my ( $host, $url, $query ) =
- expectForm( $res, '#', undef, 'uid', 'password', 'spoofId' );
+ expectForm( $res, '#', undef, 'user', 'password', 'spoofId' );
$request = '';
ok(
diff --git a/lemonldap-ng-portal/t/68-FindUser-without-Impersonation.t b/lemonldap-ng-portal/t/68-FindUser-without-Impersonation.t
new file mode 100644
index 000000000..9b2661024
--- /dev/null
+++ b/lemonldap-ng-portal/t/68-FindUser-without-Impersonation.t
@@ -0,0 +1,54 @@
+use Test::More;
+use strict;
+use JSON;
+use IO::String;
+
+require 't/test-lib.pm';
+
+my $maintests = 6;
+
+my $res;
+my $json;
+my $request;
+my $client = LLNG::Manager::Test->new( {
+ ini => {
+ logLevel => 'error',
+ authentication => 'Demo',
+ userDB => 'Same',
+ useSafeJail => 1,
+ requireToken => 0,
+ findUser => 1,
+ impersonationRule => 0,
+ findUserSearchingAttributes =>
+ { uid => 'Login', guy => 'Kind', cn => 'Name' },
+ findUserExcludingAttributes =>
+ { type => 'mutant', uid => 'rtyler' },
+ }
+ }
+);
+
+## Simple access
+ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Portal', );
+my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'user', 'password' );
+ok(
+ $res->[2]->[0] !~
+ m%Search for an account%,
+ 'Search an account not found'
+) or explain( $res->[2]->[0], 'Found search for an account' );
+$request = 'uid=dwho';
+ok(
+ $res = $client->_post(
+ '/finduser', IO::String->new($request),
+ accept => 'application/json',
+ length => length($request)
+ ),
+ 'Post FindFuser request'
+);
+ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
+ or print STDERR "$@\n" . Dumper($res);
+ok( $json->{result} == 0, ' result => 0' )
+ or explain( $json, 'result => 0' );
+ok( $json->{error} == 9, ' error => 9' )
+ or explain( $json, 'result => 9' );
+count($maintests);
+done_testing( count() );
diff --git a/lemonldap-ng-portal/t/68-FindUser-without-attribute.t b/lemonldap-ng-portal/t/68-FindUser-without-attribute.t
new file mode 100644
index 000000000..5e1eb37ba
--- /dev/null
+++ b/lemonldap-ng-portal/t/68-FindUser-without-attribute.t
@@ -0,0 +1,54 @@
+use Test::More;
+use strict;
+use JSON;
+use IO::String;
+
+require 't/test-lib.pm';
+
+my $maintests = 6;
+
+my $res;
+my $json;
+my $request;
+my $client = LLNG::Manager::Test->new( {
+ ini => {
+ logLevel => 'error',
+ authentication => 'Demo',
+ userDB => 'Same',
+ useSafeJail => 1,
+ requireToken => 0,
+ findUser => 1,
+ impersonationRule => 1,
+ findUserExcludingAttributes =>
+ { type => 'mutant', uid => 'rtyler' },
+ }
+ }
+);
+
+## Simple access
+ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Portal', );
+my ( $host, $url, $query ) =
+ expectForm( $res, '#', undef, 'user', 'password', 'spoofId' );
+ok(
+ $res->[2]->[0] !~
+ m%Search for an account%,
+ 'Search an account not found'
+) or explain( $res->[2]->[0], 'Found search for an account' );
+$request = 'uid=dwho';
+ok(
+ $res = $client->_post(
+ '/finduser', IO::String->new($request),
+ accept => 'application/json',
+ length => length($request)
+ ),
+ 'Post FindFuser request'
+);
+ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
+ or print STDERR "$@\n" . Dumper($res);
+ok( $json->{user} eq '', ' No user' )
+ or explain( $json, 'user => \'\'' );
+ok( $json->{result} == 1, ' result => 1' )
+ or explain( $json, 'result => 1' );
+
+count($maintests);
+done_testing( count() );